Secure Flags Were Not Set To "Secure" When Creating Session Cookies.

(Doc ID 1677578.1)

Last updated on FEBRUARY 06, 2018

Applies to:

Oracle WebCenter Portal - Version and later
Information in this document applies to any platform.


When accessing WebCenter pages, the secure flag of JSESSIONID was set to "NULL" instead of "Secure". This may cause a Session Stealing issue.



Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms